Compare commits
14 Commits
cbb8595380
...
v2.0.0
| Author | SHA1 | Date | |
|---|---|---|---|
| 6206ed49ff | |||
| 478af79158 | |||
| 6f9d0ae7df | |||
| db4be32b54 | |||
| 9d5c7960c9 | |||
| f53e673c3f | |||
| 16df6570bc | |||
| 38d6967f68 | |||
| 0a99c75a91 | |||
| cb794e755f | |||
| d29bff3324 | |||
| cbaadc40c4 | |||
| 7e96583455 | |||
| 19a8f3a082 |
+5
-1
@@ -73,8 +73,12 @@
|
||||
|
||||
#
|
||||
# Exclude files from exporting
|
||||
# only export helper scripts
|
||||
#
|
||||
|
||||
.gitattributes export-ignore
|
||||
.gitignore export-ignore
|
||||
.vscode/* export-ignore
|
||||
.vscode export-ignore
|
||||
.idea export-ignore
|
||||
build export-ignore
|
||||
README.md export-ignore
|
||||
|
||||
@@ -4,23 +4,23 @@ Containerized fully-functional implementation of NGINX running on Alpine **as a
|
||||
|
||||
## Contents
|
||||
|
||||
[Alternate repository](#alternate-repository)
|
||||
[Documentation and scripts](#documentation-and-scripts)
|
||||
[Permissions](#permissions)
|
||||
[Container layout](#container-layout)
|
||||
[Content directory](#content-directory)
|
||||
[Configuration directory](#configuration-directory)
|
||||
[Quick-start](#quick-start)
|
||||
[Mounting content](#mounting-content)
|
||||
[Mounting configurations](#mounting-configurations)
|
||||
[Mounting server-blocks](#mounting-server-blocks)
|
||||
[TLS](#tls)
|
||||
[Environment variables](#environment-variables)
|
||||
[Shell mode](#shell-mode)
|
||||
[Drop to shell before NGINX loads](#drop-to-shell-before-nginx-loads)
|
||||
[Enter a running container](#enter-a-running-container)
|
||||
[Logs](#logs)
|
||||
[Final thoughts](#final-thoughts)#final-thoughts)
|
||||
[Alternate repository](#alternate-repository)<br>
|
||||
[Documentation and scripts](#documentation-and-scripts)<br>
|
||||
[Permissions](#permissions)<br>
|
||||
[Container layout](#container-layout)<br>
|
||||
[Content directory](#content-directory)<br>
|
||||
[Configuration directory](#configuration-directory)<br>
|
||||
[Quick-start](#quick-start)<br>
|
||||
[Mounting content](#mounting-content)<br>
|
||||
[Mounting configurations](#mounting-configurations)<br>
|
||||
[Mounting server-blocks](#mounting-server-blocks)<br>
|
||||
[TLS](#tls)<br>
|
||||
[Environment variables](#environment-variables)<br>
|
||||
[Shell mode](#shell-mode)<br>
|
||||
[Drop to shell before NGINX loads](#drop-to-shell-before-nginx-loads)<br>
|
||||
[Enter a running container](#enter-a-running-container)<br>
|
||||
[Logs](#logs)<br>
|
||||
[Final thoughts](#final-thoughts)
|
||||
|
||||
## Alternate repository
|
||||
|
||||
@@ -34,9 +34,13 @@ Check out the [repo wiki](https://git.asifbacchus.app/ab-docker/ab-nginx/wiki) f
|
||||
|
||||
The container does **NOT** run under the root account. It runs under a user named *www-docker* with a UID of 8080. **This means any files you mount into the container need to be readable (and/or writable depending on your use-case) by UID 8080**. This does not mean just content files, it also includes configurations, server-blocks and *certificates*! Before mounting your files, ensure this is the case. There are more detailed instructions in the [wiki](https://git.asifbacchus.app/ab-docker/ab-nginx/wiki) if you need help setting file permissions.
|
||||
|
||||
This is a significant change versus most other NGINX implementations/containers where the main process is run as root and the *worker processes* run as a limited user. In those cases, permissions don’t matter since NGINX can always use the root account to read any files (and especially certificates!) it needs. Please understand this difference.
|
||||
This is a significant change versus most other NGINX implementations/containers where the main process is run as root
|
||||
and the *worker processes* run as a limited user. In those cases, permissions don’t matter since NGINX can always use
|
||||
the root account to read any files (and especially certificates!) it needs. Please understand this difference.
|
||||
|
||||
If you need to change the UID, then you’ll need to rebuild the container using the [Dockerfile in the git repo](#https://git.asifbacchus.app/ab-docker/ab-nginx). The process would be something like this:
|
||||
If you need to change the UID, then you’ll need to rebuild the container using
|
||||
the [Dockerfile in the git repo](https://git.asifbacchus.app/ab-docker/ab-nginx). The process would be something like
|
||||
this:
|
||||
|
||||
```bash
|
||||
# clone the repo
|
||||
@@ -249,4 +253,3 @@ I think that's everything to get you going if you are already familiar with dock
|
||||
If I've forgotten anything, you find any bugs or you have suggestions, please file an issue either on my private [git server ](https://git.asifbachus.app/ab-docker/ab-nginx) or on [github](https://github.com/asifbacchus/ab-nginx). Also, I am *not* affiliated with NGINX in any way, so please **do not** bother them with any issues you find with this container. Bother me instead, I actually enjoy it!
|
||||
|
||||
**All the best and have fun!**
|
||||
|
||||
|
||||
+163
-97
@@ -1,7 +1,7 @@
|
||||
#!/bin/sh
|
||||
|
||||
### update script for ab-nginx container and utility scripts
|
||||
# version 1.0.0
|
||||
# version 2.0.0
|
||||
# script by Asif Bacchus
|
||||
###
|
||||
|
||||
@@ -23,40 +23,63 @@ okNotify() {
|
||||
printf "%s[OK]%s\n" "$ok" "$norm"
|
||||
}
|
||||
|
||||
scriptHelp() {
|
||||
textNewline
|
||||
textblock "Update ${containerName} container and helper script files"
|
||||
textblock "${bold}Usage: ${localScriptName} [parameters]${norm}"
|
||||
textNewline
|
||||
textblock "If run with no parameters, the script will update both the container and the helper script files, including this update script."
|
||||
textblockHeader " parameters "
|
||||
textblockParam "-h|-?|--help" "Display this help screen."
|
||||
textblockParam "-c|--container|--container-only" "Update the docker container only."
|
||||
textblockParam "-s|--scripts|--scripts-only" "Update the helper scripts (including this update script) only."
|
||||
textNewline
|
||||
exit 0
|
||||
}
|
||||
|
||||
textblock() {
|
||||
printf "%s\n" "$1" | fold -w "$width" -s
|
||||
}
|
||||
|
||||
textblockHeader() {
|
||||
printf "\n%s***%s***%s\n" "$header" "$1" "$norm"
|
||||
}
|
||||
|
||||
textblockParam() {
|
||||
printf "%s%-35s%s%s\n" "$info" "$1" "$2" "$norm"
|
||||
}
|
||||
|
||||
textNewline() {
|
||||
printf "\n"
|
||||
}
|
||||
|
||||
### text formatting presets
|
||||
if command -v tput >/dev/null 2>&1; then
|
||||
bold=$(tput bold)
|
||||
err=$(tput bold)$(tput setaf 1)
|
||||
info=$(tput bold)$(tput setaf 6)
|
||||
header=$(tput bold)$(tput setaf 5)
|
||||
norm=$(tput sgr0)
|
||||
ok=$(tput sgr0)$(tput setaf 2)
|
||||
warn=$(tput bold)$(tput setaf 3)
|
||||
width=$(tput cols)
|
||||
else
|
||||
bold=''
|
||||
err=''
|
||||
info=''
|
||||
header=''
|
||||
norm=''
|
||||
ok=''
|
||||
warn=''
|
||||
width=80
|
||||
fi
|
||||
|
||||
### pre-requisites
|
||||
|
||||
# check if wget is installed
|
||||
if ! command -v wget >/dev/null 2>&1; then
|
||||
errMsg "Sorry, this script requires that 'wget' is installed in order to download updates. Exiting."
|
||||
fi
|
||||
|
||||
# check if docker is installed
|
||||
if ! command -v docker >/dev/null 2>&1; then
|
||||
errMsg "Sorry, it appears that docker is not installed on this machine! Exiting."
|
||||
fi
|
||||
|
||||
# is user root or in the docker group?
|
||||
if [ ! "$(id -u)" -eq 0 ]; then
|
||||
if ! id -Gn | grep docker >/dev/null; then
|
||||
errMsg "You must either be root or in the 'docker' group to pull container updates."
|
||||
fi
|
||||
fi
|
||||
|
||||
# zero counters
|
||||
updatesAvailable=0
|
||||
downloadFailed=0
|
||||
@@ -71,114 +94,157 @@ containerUpdatePath="docker.asifbacchus.app/$dockerNamespace/$containerName:late
|
||||
server="https://asifbacchus.app/updates/docker/$dockerNamespace/$containerName/"
|
||||
checksumFilename='checksums.sha256'
|
||||
|
||||
# operation triggers
|
||||
doDockerUpdate=1
|
||||
doScriptUpdate=1
|
||||
|
||||
# files to update
|
||||
localScriptName="$(basename "$0")"
|
||||
repoScriptName='update.sh'
|
||||
|
||||
### update container
|
||||
printf "%s\n*** Updating %s container and service scripts ***\n\n%s" "$info" "$containerName" "$norm"
|
||||
### process startup parameters
|
||||
while [ $# -gt 0 ]; do
|
||||
case "$1" in
|
||||
-h | -\? | --help)
|
||||
# display inline help
|
||||
scriptHelp
|
||||
;;
|
||||
-s | --scripts | --scripts-only)
|
||||
# update scripts only, skip docker container update
|
||||
doDockerUpdate=0
|
||||
;;
|
||||
-c | --container | --container-only)
|
||||
# update docker container only, skip script update
|
||||
doScriptUpdate=0
|
||||
;;
|
||||
*)
|
||||
printf "%s\nUnknown option: %s\n" "$err" "$1"
|
||||
printf "%sUse '--help' for valid options%s\n\n" "$info" "$norm"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
printf "Updating container:\n"
|
||||
if ! docker pull "$containerUpdatePath"; then
|
||||
errMsg "There was an error updating the container. Try again later."
|
||||
else
|
||||
okMsg "Container updated!"
|
||||
### update container
|
||||
if [ "$doDockerUpdate" -eq 1 ]; then
|
||||
# check if docker is installed
|
||||
if ! command -v docker >/dev/null 2>&1; then
|
||||
errMsg "Sorry, it appears that docker is not installed on this machine! Exiting."
|
||||
fi
|
||||
|
||||
# is user root or in the docker group?
|
||||
if [ ! "$(id -u)" -eq 0 ]; then
|
||||
if ! id -Gn | grep docker >/dev/null; then
|
||||
errMsg "You must either be root or in the 'docker' group to pull container updates."
|
||||
fi
|
||||
fi
|
||||
|
||||
printf "%s\n*** Updating %s container ***\n\n%s" "$info" "$containerName" "$norm"
|
||||
if ! docker pull "$containerUpdatePath"; then
|
||||
errMsg "There was an error updating the container. Try again later."
|
||||
else
|
||||
okMsg "Container updated!"
|
||||
fi
|
||||
fi
|
||||
|
||||
### update scripts
|
||||
printf "%sUpdating %s service scripts%s\n" "$info" "$containerName" "$norm"
|
||||
if [ "$doScriptUpdate" -eq 1 ]; then
|
||||
printf "%s*** Updating %s service scripts ***%s\n" "$info" "$containerName" "$norm"
|
||||
|
||||
## download latest checksums
|
||||
printf "Getting latest checksums... "
|
||||
if ! wget --quiet --tries=3 --timeout=10 -N "${server}${checksumFilename}"; then
|
||||
errNotify
|
||||
errMsg "Unable to download checksums. Try again later."
|
||||
else
|
||||
okNotify
|
||||
fi
|
||||
|
||||
## check for updates to this script
|
||||
printf "Checking for updates to this script... "
|
||||
repoScriptChecksum=$(grep "$repoScriptName" "$checksumFilename" | grep -o '^\S*')
|
||||
localScriptChecksum=$(sha256sum "$localScriptName" | grep -o '^\S*')
|
||||
if [ "$localScriptChecksum" = "$repoScriptChecksum" ]; then
|
||||
printf "[NONE]\n"
|
||||
else
|
||||
printf "[AVAILABLE]\n"
|
||||
printf "Getting updated script... "
|
||||
# download updated script
|
||||
if ! wget --quiet --tries=3 --timeout=10 -O "update.sh.tmp" "${server}${repoScriptName}"; then
|
||||
## download latest checksums
|
||||
printf "Getting latest checksums... "
|
||||
if ! wget --quiet --tries=3 --timeout=10 -N "${server}${checksumFilename}"; then
|
||||
errNotify
|
||||
# delete failed download as necessary
|
||||
rm -f ./update.sh.tmp 2>/dev/null
|
||||
errMsg "Unable to download script update. Try again later."
|
||||
errMsg "Unable to download checksums. Try again later."
|
||||
else
|
||||
# verify download
|
||||
dlScriptChecksum=$(sha256sum "update.sh.tmp" | grep -o '^\S*')
|
||||
if ! [ "$dlScriptChecksum" = "$repoScriptChecksum" ]; then
|
||||
printf "[ERROR]\n"
|
||||
# delete corrupt download as necessary
|
||||
okNotify
|
||||
fi
|
||||
|
||||
## check for updates to this script
|
||||
printf "Checking for updates to this script... "
|
||||
repoScriptChecksum=$(grep "$repoScriptName" "$checksumFilename" | grep -o '^\S*')
|
||||
localScriptChecksum=$(sha256sum "$localScriptName" | grep -o '^\S*')
|
||||
if [ "$localScriptChecksum" = "$repoScriptChecksum" ]; then
|
||||
printf "[NONE]\n"
|
||||
else
|
||||
printf "[AVAILABLE]\n"
|
||||
printf "Getting updated script... "
|
||||
# download updated script
|
||||
if ! wget --quiet --tries=3 --timeout=10 -O "update.sh.tmp" "${server}${repoScriptName}"; then
|
||||
errNotify
|
||||
# delete failed download as necessary
|
||||
rm -f ./update.sh.tmp 2>/dev/null
|
||||
errMsg "Checksum mismatch! Try again later."
|
||||
errMsg "Unable to download script update. Try again later."
|
||||
else
|
||||
okNotify
|
||||
printf "\n%s*** This script has been updated. Please re-run it to load the updated version of this file. ***%s\n\n" "$warn" "$norm"
|
||||
# overwrite this script with updated script
|
||||
mv -f ./update.sh.tmp "$localScriptName"
|
||||
# verify download
|
||||
dlScriptChecksum=$(sha256sum "update.sh.tmp" | grep -o '^\S*')
|
||||
if ! [ "$dlScriptChecksum" = "$repoScriptChecksum" ]; then
|
||||
printf "[ERROR]\n"
|
||||
# delete corrupt download as necessary
|
||||
rm -f ./update.sh.tmp 2>/dev/null
|
||||
errMsg "Checksum mismatch! Try again later."
|
||||
else
|
||||
okNotify
|
||||
printf "\n%s*** This script has been updated. Please re-run it to load the updated version of this file. ***%s\n\n" "$warn" "$norm"
|
||||
# overwrite this script with updated script
|
||||
mv -f ./update.sh.tmp "$localScriptName"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
## update files
|
||||
while IFS=' ' read -r field1 field2; do
|
||||
printf "\nChecking '%s' for updates... " "$field2"
|
||||
updateFilename="$field2"
|
||||
repoFileChecksum="$field1"
|
||||
if [ -f "$updateFilename" ]; then
|
||||
## update files
|
||||
while IFS=' ' read -r field1 field2; do
|
||||
printf "\nChecking '%s' for updates... " "$field2"
|
||||
updateFilename="$field2"
|
||||
repoFileChecksum="$field1"
|
||||
if [ -f "$updateFilename" ]; then
|
||||
localFileChecksum=$(sha256sum "$updateFilename" | grep -o '^\S*')
|
||||
else
|
||||
localFileChecksum=0
|
||||
fi
|
||||
|
||||
# update file if necessary
|
||||
if ! [ "$localFileChecksum" = "$repoFileChecksum" ]; then
|
||||
printf "[AVAILABLE]\n"
|
||||
updatesAvailable=$((updatesAvailable + 1))
|
||||
# download update
|
||||
printf "Downloading updated '%s'... " "$updateFilename"
|
||||
if ! wget --quiet --tries=3 --timeout=10 -O "$updateFilename.tmp" "${server}${updateFilename}"; then
|
||||
errNotify
|
||||
downloadFailed=$((downloadFailed + 1))
|
||||
# delete failed download file as necessary
|
||||
rm -f "$updateFilename.tmp" 2>&1
|
||||
else
|
||||
okNotify
|
||||
downloadSuccess=$((downloadSuccess + 1))
|
||||
# verify download
|
||||
printf "Verifying '%s'... " "$updateFilename"
|
||||
localFileChecksum=$(sha256sum "$updateFilename.tmp" | grep -o '^\S*')
|
||||
if ! [ "$localFileChecksum" = "$repoFileChecksum" ]; then
|
||||
localFileChecksum=0
|
||||
fi
|
||||
|
||||
# update file if necessary
|
||||
if ! [ "$localFileChecksum" = "$repoFileChecksum" ]; then
|
||||
printf "[AVAILABLE]\n"
|
||||
updatesAvailable=$((updatesAvailable + 1))
|
||||
# download update
|
||||
printf "Downloading updated '%s'... " "$updateFilename"
|
||||
if ! wget --quiet --tries=3 --timeout=10 -O "$updateFilename.tmp" "${server}${updateFilename}"; then
|
||||
errNotify
|
||||
updateFailed=$((updateFailed + 1))
|
||||
# delete corrupted download file as necessary
|
||||
downloadFailed=$((downloadFailed + 1))
|
||||
# delete failed download file as necessary
|
||||
rm -f "$updateFilename.tmp" 2>&1
|
||||
else
|
||||
okNotify
|
||||
updateSuccess=$((updateSuccess + 1))
|
||||
# overwrite old version of file
|
||||
mv -f "$updateFilename.tmp" "$updateFilename"
|
||||
downloadSuccess=$((downloadSuccess + 1))
|
||||
# verify download
|
||||
printf "Verifying '%s'... " "$updateFilename"
|
||||
localFileChecksum=$(sha256sum "$updateFilename.tmp" | grep -o '^\S*')
|
||||
if ! [ "$localFileChecksum" = "$repoFileChecksum" ]; then
|
||||
errNotify
|
||||
updateFailed=$((updateFailed + 1))
|
||||
# delete corrupted download file as necessary
|
||||
rm -f "$updateFilename.tmp" 2>&1
|
||||
else
|
||||
okNotify
|
||||
updateSuccess=$((updateSuccess + 1))
|
||||
# overwrite old version of file
|
||||
mv -f "$updateFilename.tmp" "$updateFilename"
|
||||
fi
|
||||
fi
|
||||
else
|
||||
printf "[NONE]\n"
|
||||
fi
|
||||
else
|
||||
printf "[NONE]\n"
|
||||
fi
|
||||
done <"$checksumFilename"
|
||||
|
||||
done <"$checksumFilename"
|
||||
fi
|
||||
|
||||
### display results
|
||||
printf "\n%sResults:%s\n" "$info" "$norm"
|
||||
printf "\tUpdates: %s available\n" "$updatesAvailable"
|
||||
printf "\tDownloads: %s%s successful%s, %s%s failed%s\n" "$ok" "$downloadSuccess" "$norm" "$err" "$downloadFailed" "$norm"
|
||||
printf "\tUpdates: %s%s applied%s, %s%s failed%s\n" "$ok" "$updateSuccess" "$norm" "$err" "$updateFailed" "$norm"
|
||||
if [ "$doScriptUpdate" -eq 1 ]; then
|
||||
printf "\n%s*** Results ***%s\n" "$info" "$norm"
|
||||
printf "\tUpdates: %s available\n" "$updatesAvailable"
|
||||
printf "\tDownloads: %s%s successful%s, %s%s failed%s\n" "$ok" "$downloadSuccess" "$norm" "$err" "$downloadFailed" "$norm"
|
||||
printf "\tUpdates: %s%s applied%s, %s%s failed%s\n" "$ok" "$updateSuccess" "$norm" "$err" "$updateFailed" "$norm"
|
||||
fi
|
||||
|
||||
exit 0
|
||||
Reference in New Issue
Block a user